Security issue with on-prem/self-hosted Docker install releases 245, 243, 241, 239 and older
Incident Report for Instana
Resolved
To address this vulnerability, authentication is now enabled by default for the Docker-based datastores, using a username/password for beeinstana, clickhouse, elasticsearch, kafka, and postgres.

Additionally, using a specific Docker network instead of the host network enhances the security of all datastores.

We have released the following security bulletin for this issue: https://www.ibm.com/support/pages/node/6959969
IBM strongly recommends addressing the vulnerability now by upgrading to 247.

Upgrading your Instana console:
https://www.ibm.com/docs/en/instana-observability/current?topic=premises-operations-docker-based-instana

Use the appropriate package manager command for your system to update the Instana console to the desired package version.

See the following example for Ubuntu:
To get the latest version, run the command as follows:
sudo apt-get install instana-console
Posted Apr 27, 2023 - 11:12 UTC
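
To check the network recommendation from the update above on a host, the following added example (not IBM or Instana code) parses `docker inspect` output and flags datastore containers that use the host network or publish a port on all interfaces. The container names, the `instana-net` network name and the port numbers in the sample are constructed assumptions.

```python
import json

# Datastore names come from the advisory; matching them against container
# names is an assumption of this example.
DATASTORES = ("beeinstana", "clickhouse", "elasticsearch", "kafka", "postgres")
ALL_INTERFACES = {"", "0.0.0.0", "::"}


def audit_containers(inspected):
    """Return (container, finding) pairs for datastore containers that are
    reachable from outside a dedicated Docker network."""
    findings = []
    for c in inspected:
        name = c.get("Name", "").lstrip("/")
        if not any(ds in name.lower() for ds in DATASTORES):
            continue
        if c.get("HostConfig", {}).get("NetworkMode") == "host":
            findings.append((name, "uses the host network"))
            continue
        ports = c.get("NetworkSettings", {}).get("Ports") or {}
        for port, bindings in sorted(ports.items()):
            for b in bindings or []:  # None: exposed but not published
                if b.get("HostIp", "") in ALL_INTERFACES:
                    findings.append((name, f"{port} published on all interfaces"))
    return findings


# Constructed sample in the shape of `docker inspect` output (not real data).
SAMPLE = json.loads("""
[
 {"Name": "/instana-postgres", "HostConfig": {"NetworkMode": "host"},
  "NetworkSettings": {"Ports": {}}},
 {"Name": "/instana-kafka", "HostConfig": {"NetworkMode": "instana-net"},
  "NetworkSettings": {"Ports": {"9092/tcp": [{"HostIp": "0.0.0.0", "HostPort": "9092"}]}}},
 {"Name": "/instana-clickhouse", "HostConfig": {"NetworkMode": "instana-net"},
  "NetworkSettings": {"Ports": {"9000/tcp": null,
                                "8123/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8123"}]}}},
 {"Name": "/web-proxy", "HostConfig": {"NetworkMode": "host"},
  "NetworkSettings": {"Ports": {}}}
]
""")

if __name__ == "__main__":
    for name, finding in audit_containers(SAMPLE):
        print(f"{name}: {finding}")
```

On a real host, feed the function the parsed JSON from `docker inspect $(docker ps -q)` instead of the sample; an empty result covers network exposure only and does not confirm that datastore authentication is enabled.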
Identified
Docker-based datastores for IBM Instana do not currently require authentication.
As a result, an attacker within the network or on the system could access the datastores with read/write access (CVE-2023-27290).
Posted Apr 27, 2023 - 11:10 UTC